SV: ip6.arpa help

mattias.o.andersson at gavle.se mattias.o.andersson at gavle.se
Mon Mar 28 15:59:17 UTC 2011 

Great slides, thanks! Still looks like there is a long way to go until there is a standard implementation for reverse DNS ipv6 for large subnets. My problem is that before you put too much effort into it you want to see how other solved this problem or maybe get a standard of some kind.
So my approach will probably be to delegate ip6.arpa for enterprise customers and to ignore or use wildcard for the private customers. Don't know if this will cause any problem thou!? Do they use reverse lookups as a lame security function in IPv6 as well?  

Cheers,
Mattias

-----Ursprungligt meddelande-----
Från: bind-users-bounces+mattias.o.andersson=gavle.se at lists.isc.org [mailto:bind-users-bounces+mattias.o.andersson=gavle.se at lists.isc.org] För Persiko, Mark
Skickat: den 18 mars 2011 18:43
Till: bind-users
Ämne: RE: ip6.arpa help

Hello,

This was shared at RIPE61 and is pertinent to this discussion.   It presents different approaches toward managing IPv6 PTR records for large subnets:

http://ripe61.ripe.net/presentations/139-Ripe-61-rDNS-kzorba-freedman.pdf

Thanks, 
 Mark

-----Original Message-----
From: bind-users-bounces+mark.persiko=level3.com at lists.isc.org [mailto:bind-users-bounces+mark.persiko=level3.com at lists.isc.org] On Behalf Of Eivind Olsen
Sent: Friday, March 18, 2011 7:07 AM
To: bind-users
Subject: Re: ip6.arpa help

Den 18. mars 2011 kl. 10.07 skrev <mattias.o.andersson at gavle.se> <mattias.o.andersson at gavle.se>:
> Are there any good information, maybe RFC,  how reverse DNS should be done in IPv6. Then I don't mean how to register a ip6.arpa and edit your zone-file in bind. I mean how you solve the problem with generate 2^64 unique PTR records for a single customer without filling your hard drive. =)

I'm in a similar situation, and no, I don't know of a nice and easy way of doing this with current software.

Pre-generating reverse records for any possible IPv6 address in your prefix(es) isn't going to work. Adding it to your own services/servers such as email servers etc, that's easy. But how can you know which of the 2^64 addresses your customer is going to be using?
I've been toying with some ideas, not sure which one would actually work the best way:
- don't add any IPv6 reverse records for customers
- you could take the overhead of letting your customers either ask for specific reverse records to be implemented (through customer service? self service web interface?)
- if your customers get assigned addresses from DHCPv6, you might consider letting it update the zones for you
- in theory you could delegate the responsability for reverse records in the customers prefix to them, but I doubt many customers would actually bother running their own nameservers for this.
- perhaps some alternative nameserver software is capable of generating the reverse records on the fly, based on some template, if there's not a specific record already defined?

-- 
Regards
Eivind Olsen
eivind at aminor.no




_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list